Unrated severityNVD Advisory· Published Mar 8, 2022· Updated Apr 23, 2025

Path traversal in Icinga Web 2

CVE-2022-24716

Description

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including icingaweb2 configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated.

Affected products

Icinga/Icingaweb2v5
Range: >= 2.9.0, < 2.9.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.gentoo.org/glsa/202208-05mitrevendor-advisory
packetstormsecurity.com/files/171774/Icinga-Web-2.10-Arbitrary-File-Disclosure.htmlmitre
github.com/Icinga/icingaweb2/commit/9931ed799650f5b8d5e1dc58ea3415a4cdc5773dmitre
github.com/Icinga/icingaweb2/security/advisories/GHSA-5p3f-rh28-8frwmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.075
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000